>-----Original Message----- >From: Mark J Cox [mailto:[EMAIL PROTECTED]] >Sent: 30 November 2001 12:07 >To: [EMAIL PROTECTED] >Subject: Re: Apache SSL Private Keys > > >> The adversary has root. If the private key is encrypted, they must >> also break that passphrase to get the key. > >But if an adversary gets root without rebooting your machine then the >unencrypted private keys are just sitting around in memory. The >passphrase is only protecting them between the time you reboot and the >time you enter the passphrase. > >Mark So to complete the hack, issue a command that dumps core, or even write a short C program to dump core. Most of my C programs do that ;-).
Then you can analyse the core dump to extract the keys. Child's play. Therefore, the passphrase only protects the key if it is removed from your server, but as has been shown, being able to remove the key requires (or should require) root privileges. QED. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]